summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libssl/d1_clnt.c124
-rw-r--r--src/lib/libssl/s3_clnt.c138
-rw-r--r--src/lib/libssl/src/ssl/d1_clnt.c124
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c138
4 files changed, 150 insertions, 374 deletions
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index 261e4e996f..b087535ce1 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_clnt.c,v 1.46 2015/07/14 05:26:32 doug Exp $ */ 1/* $OpenBSD: d1_clnt.c,v 1.47 2015/07/15 18:35:34 beck Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -881,37 +881,8 @@ dtls1_send_client_key_exchange(SSL *s)
881 } else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) { 881 } else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {
882 const EC_GROUP *srvr_group = NULL; 882 const EC_GROUP *srvr_group = NULL;
883 EC_KEY *tkey; 883 EC_KEY *tkey;
884 int ecdh_clnt_cert = 0;
885 int field_size = 0; 884 int field_size = 0;
886 885
887 /* Did we send out the client's
888 * ECDH share for use in premaster
889 * computation as part of client certificate?
890 * If so, set ecdh_clnt_cert to 1.
891 */
892 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) &&
893 (s->cert != NULL)) {
894 /* XXX: For now, we do not support client
895 * authentication using ECDH certificates.
896 * To add such support, one needs to add
897 * code that checks for appropriate
898 * conditions and sets ecdh_clnt_cert to 1.
899 * For example, the cert have an ECC
900 * key on the same curve as the server's
901 * and the key should be authorized for
902 * key agreement.
903 *
904 * One also needs to add code in ssl3_connect
905 * to skip sending the certificate verify
906 * message.
907 *
908 * if ((s->cert->key->privatekey != NULL) &&
909 * (s->cert->key->privatekey->type ==
910 * EVP_PKEY_EC) && ...)
911 * ecdh_clnt_cert = 1;
912 */
913 }
914
915 if (s->session->sess_cert->peer_ecdh_tmp != NULL) { 886 if (s->session->sess_cert->peer_ecdh_tmp != NULL) {
916 tkey = s->session->sess_cert->peer_ecdh_tmp; 887 tkey = s->session->sess_cert->peer_ecdh_tmp;
917 } else { 888 } else {
@@ -949,31 +920,12 @@ dtls1_send_client_key_exchange(SSL *s)
949 ERR_R_EC_LIB); 920 ERR_R_EC_LIB);
950 goto err; 921 goto err;
951 } 922 }
952 if (ecdh_clnt_cert) { 923
953 /* Reuse key info from our certificate 924 /* Generate a new ECDH key pair */
954 * We only need our private key to perform 925 if (!(EC_KEY_generate_key(clnt_ecdh))) {
955 * the ECDH computation. 926 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
956 */ 927 ERR_R_ECDH_LIB);
957 const BIGNUM *priv_key; 928 goto err;
958 tkey = s->cert->key->privatekey->pkey.ec;
959 priv_key = EC_KEY_get0_private_key(tkey);
960 if (priv_key == NULL) {
961 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
962 ERR_R_MALLOC_FAILURE);
963 goto err;
964 }
965 if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) {
966 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
967 ERR_R_EC_LIB);
968 goto err;
969 }
970 } else {
971 /* Generate a new ECDH key pair */
972 if (!(EC_KEY_generate_key(clnt_ecdh))) {
973 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
974 ERR_R_ECDH_LIB);
975 goto err;
976 }
977 } 929 }
978 930
979 /* use the 'p' output buffer for the ECDH key, but 931 /* use the 'p' output buffer for the ECDH key, but
@@ -999,44 +951,38 @@ dtls1_send_client_key_exchange(SSL *s)
999 s, s->session->master_key, p, n); 951 s, s->session->master_key, p, n);
1000 memset(p, 0, n); /* clean up */ 952 memset(p, 0, n); /* clean up */
1001 953
1002 if (ecdh_clnt_cert) { 954 /* First check the size of encoding and
1003 /* Send empty client key exch message */ 955 * allocate memory accordingly.
1004 n = 0; 956 */
1005 } else { 957 encoded_pt_len = EC_POINT_point2oct(srvr_group,
1006 /* First check the size of encoding and 958 EC_KEY_get0_public_key(clnt_ecdh),
1007 * allocate memory accordingly. 959 POINT_CONVERSION_UNCOMPRESSED,
1008 */ 960 NULL, 0, NULL);
1009 encoded_pt_len = EC_POINT_point2oct(srvr_group,
1010 EC_KEY_get0_public_key(clnt_ecdh),
1011 POINT_CONVERSION_UNCOMPRESSED,
1012 NULL, 0, NULL);
1013
1014 encodedPoint = malloc(encoded_pt_len);
1015
1016 bn_ctx = BN_CTX_new();
1017 if ((encodedPoint == NULL) ||
1018 (bn_ctx == NULL)) {
1019 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1020 ERR_R_MALLOC_FAILURE);
1021 goto err;
1022 }
1023 961
1024 /* Encode the public key */ 962 encodedPoint = malloc(encoded_pt_len);
1025 n = EC_POINT_point2oct(srvr_group,
1026 EC_KEY_get0_public_key(clnt_ecdh),
1027 POINT_CONVERSION_UNCOMPRESSED,
1028 encodedPoint, encoded_pt_len, bn_ctx);
1029 963
1030 *p = n; /* length of encoded point */ 964 bn_ctx = BN_CTX_new();
1031 /* Encoded point will be copied here */ 965 if ((encodedPoint == NULL) ||
1032 p += 1; 966 (bn_ctx == NULL)) {
967 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
968 ERR_R_MALLOC_FAILURE);
969 goto err;
970 }
1033 971
1034 /* copy the point */ 972 /* Encode the public key */
1035 memcpy((unsigned char *)p, encodedPoint, n); 973 n = EC_POINT_point2oct(srvr_group,
1036 /* increment n to account for length field */ 974 EC_KEY_get0_public_key(clnt_ecdh),
1037 n += 1; 975 POINT_CONVERSION_UNCOMPRESSED,
976 encodedPoint, encoded_pt_len, bn_ctx);
1038 977
1039 } 978 *p = n; /* length of encoded point */
979 /* Encoded point will be copied here */
980 p += 1;
981
982 /* copy the point */
983 memcpy((unsigned char *)p, encodedPoint, n);
984 /* increment n to account for length field */
985 n += 1;
1040 986
1041 /* Free allocated memory */ 987 /* Free allocated memory */
1042 BN_CTX_free(bn_ctx); 988 BN_CTX_free(bn_ctx);
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index eed6cb5215..6bc5a8b622 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_clnt.c,v 1.116 2015/07/14 03:33:16 doug Exp $ */ 1/* $OpenBSD: s3_clnt.c,v 1.117 2015/07/15 18:35:34 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -2009,37 +2009,8 @@ ssl3_send_client_key_exchange(SSL *s)
2009 } else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) { 2009 } else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {
2010 const EC_GROUP *srvr_group = NULL; 2010 const EC_GROUP *srvr_group = NULL;
2011 EC_KEY *tkey; 2011 EC_KEY *tkey;
2012 int ecdh_clnt_cert = 0;
2013 int field_size = 0; 2012 int field_size = 0;
2014 2013
2015 /*
2016 * Did we send out the client's ECDH share for use
2017 * in premaster computation as part of client
2018 * certificate? If so, set ecdh_clnt_cert to 1.
2019 */
2020 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) &&
2021 (s->cert != NULL)) {
2022 /*
2023 * XXX: For now, we do not support client
2024 * authentication using ECDH certificates.
2025 * To add such support, one needs to add
2026 * code that checks for appropriate
2027 * conditions and sets ecdh_clnt_cert to 1.
2028 * For example, the cert have an ECC
2029 * key on the same curve as the server's
2030 * and the key should be authorized for
2031 * key agreement.
2032 *
2033 * One also needs to add code in ssl3_connect
2034 * to skip sending the certificate verify
2035 * message.
2036 *
2037 * if ((s->cert->key->privatekey != NULL) &&
2038 * (s->cert->key->privatekey->type ==
2039 * EVP_PKEY_EC) && ...)
2040 * ecdh_clnt_cert = 1;
2041 */
2042 }
2043 2014
2044 /* Ensure that we have an ephemeral key for ECDHE. */ 2015 /* Ensure that we have an ephemeral key for ECDHE. */
2045 if ((alg_k & SSL_kECDHE) && 2016 if ((alg_k & SSL_kECDHE) &&
@@ -2087,36 +2058,13 @@ ssl3_send_client_key_exchange(SSL *s)
2087 ERR_R_EC_LIB); 2058 ERR_R_EC_LIB);
2088 goto err; 2059 goto err;
2089 } 2060 }
2090 if (ecdh_clnt_cert) { 2061
2091 /* 2062 /* Generate a new ECDH key pair */
2092 * Reuse key info from our certificate 2063 if (!(EC_KEY_generate_key(clnt_ecdh))) {
2093 * We only need our private key to perform 2064 SSLerr(
2094 * the ECDH computation. 2065 SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2095 */ 2066 ERR_R_ECDH_LIB);
2096 const BIGNUM *priv_key; 2067 goto err;
2097 tkey = s->cert->key->privatekey->pkey.ec;
2098 priv_key = EC_KEY_get0_private_key(tkey);
2099 if (priv_key == NULL) {
2100 SSLerr(
2101 SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2102 ERR_R_MALLOC_FAILURE);
2103 goto err;
2104 }
2105 if (!EC_KEY_set_private_key(clnt_ecdh,
2106 priv_key)) {
2107 SSLerr(
2108 SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2109 ERR_R_EC_LIB);
2110 goto err;
2111 }
2112 } else {
2113 /* Generate a new ECDH key pair */
2114 if (!(EC_KEY_generate_key(clnt_ecdh))) {
2115 SSLerr(
2116 SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2117 ERR_R_ECDH_LIB);
2118 goto err;
2119 }
2120 } 2068 }
2121 2069
2122 /* 2070 /*
@@ -2144,47 +2092,41 @@ ssl3_send_client_key_exchange(SSL *s)
2144 2092
2145 memset(p, 0, n); /* clean up */ 2093 memset(p, 0, n); /* clean up */
2146 2094
2147 if (ecdh_clnt_cert) { 2095 /*
2148 /* Send empty client key exch message. */ 2096 * First check the size of encoding and
2149 n = 0; 2097 * allocate memory accordingly.
2150 } else { 2098 */
2151 /* 2099 encoded_pt_len = EC_POINT_point2oct(
2152 * First check the size of encoding and 2100 srvr_group,
2153 * allocate memory accordingly. 2101 EC_KEY_get0_public_key(clnt_ecdh),
2154 */ 2102 POINT_CONVERSION_UNCOMPRESSED,
2155 encoded_pt_len = EC_POINT_point2oct( 2103 NULL, 0, NULL);
2156 srvr_group, 2104
2157 EC_KEY_get0_public_key(clnt_ecdh), 2105 encodedPoint = malloc(encoded_pt_len);
2158 POINT_CONVERSION_UNCOMPRESSED, 2106
2159 NULL, 0, NULL); 2107 bn_ctx = BN_CTX_new();
2160 2108 if ((encodedPoint == NULL) ||
2161 encodedPoint = malloc(encoded_pt_len); 2109 (bn_ctx == NULL)) {
2162 2110 SSLerr(
2163 bn_ctx = BN_CTX_new(); 2111 SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2164 if ((encodedPoint == NULL) || 2112 ERR_R_MALLOC_FAILURE);
2165 (bn_ctx == NULL)) { 2113 goto err;
2166 SSLerr( 2114 }
2167 SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2168 ERR_R_MALLOC_FAILURE);
2169 goto err;
2170 }
2171
2172 /* Encode the public key */
2173 n = EC_POINT_point2oct(srvr_group,
2174 EC_KEY_get0_public_key(clnt_ecdh),
2175 POINT_CONVERSION_UNCOMPRESSED,
2176 encodedPoint, encoded_pt_len, bn_ctx);
2177 2115
2178 *p = n; /* length of encoded point */ 2116 /* Encode the public key */
2179 /* Encoded point will be copied here */ 2117 n = EC_POINT_point2oct(srvr_group,
2180 p += 1; 2118 EC_KEY_get0_public_key(clnt_ecdh),
2119 POINT_CONVERSION_UNCOMPRESSED,
2120 encodedPoint, encoded_pt_len, bn_ctx);
2181 2121
2182 /* copy the point */ 2122 *p = n; /* length of encoded point */
2183 memcpy((unsigned char *)p, encodedPoint, n); 2123 /* Encoded point will be copied here */
2184 /* increment n to account for length field */ 2124 p += 1;
2185 n += 1;
2186 2125
2187 } 2126 /* copy the point */
2127 memcpy((unsigned char *)p, encodedPoint, n);
2128 /* increment n to account for length field */
2129 n += 1;
2188 2130
2189 /* Free allocated memory */ 2131 /* Free allocated memory */
2190 BN_CTX_free(bn_ctx); 2132 BN_CTX_free(bn_ctx);
diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c
index 261e4e996f..b087535ce1 100644
--- a/src/lib/libssl/src/ssl/d1_clnt.c
+++ b/src/lib/libssl/src/ssl/d1_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: d1_clnt.c,v 1.46 2015/07/14 05:26:32 doug Exp $ */ 1/* $OpenBSD: d1_clnt.c,v 1.47 2015/07/15 18:35:34 beck Exp $ */
2/* 2/*
3 * DTLS implementation written by Nagendra Modadugu 3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. 4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -881,37 +881,8 @@ dtls1_send_client_key_exchange(SSL *s)
881 } else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) { 881 } else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {
882 const EC_GROUP *srvr_group = NULL; 882 const EC_GROUP *srvr_group = NULL;
883 EC_KEY *tkey; 883 EC_KEY *tkey;
884 int ecdh_clnt_cert = 0;
885 int field_size = 0; 884 int field_size = 0;
886 885
887 /* Did we send out the client's
888 * ECDH share for use in premaster
889 * computation as part of client certificate?
890 * If so, set ecdh_clnt_cert to 1.
891 */
892 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) &&
893 (s->cert != NULL)) {
894 /* XXX: For now, we do not support client
895 * authentication using ECDH certificates.
896 * To add such support, one needs to add
897 * code that checks for appropriate
898 * conditions and sets ecdh_clnt_cert to 1.
899 * For example, the cert have an ECC
900 * key on the same curve as the server's
901 * and the key should be authorized for
902 * key agreement.
903 *
904 * One also needs to add code in ssl3_connect
905 * to skip sending the certificate verify
906 * message.
907 *
908 * if ((s->cert->key->privatekey != NULL) &&
909 * (s->cert->key->privatekey->type ==
910 * EVP_PKEY_EC) && ...)
911 * ecdh_clnt_cert = 1;
912 */
913 }
914
915 if (s->session->sess_cert->peer_ecdh_tmp != NULL) { 886 if (s->session->sess_cert->peer_ecdh_tmp != NULL) {
916 tkey = s->session->sess_cert->peer_ecdh_tmp; 887 tkey = s->session->sess_cert->peer_ecdh_tmp;
917 } else { 888 } else {
@@ -949,31 +920,12 @@ dtls1_send_client_key_exchange(SSL *s)
949 ERR_R_EC_LIB); 920 ERR_R_EC_LIB);
950 goto err; 921 goto err;
951 } 922 }
952 if (ecdh_clnt_cert) { 923
953 /* Reuse key info from our certificate 924 /* Generate a new ECDH key pair */
954 * We only need our private key to perform 925 if (!(EC_KEY_generate_key(clnt_ecdh))) {
955 * the ECDH computation. 926 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
956 */ 927 ERR_R_ECDH_LIB);
957 const BIGNUM *priv_key; 928 goto err;
958 tkey = s->cert->key->privatekey->pkey.ec;
959 priv_key = EC_KEY_get0_private_key(tkey);
960 if (priv_key == NULL) {
961 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
962 ERR_R_MALLOC_FAILURE);
963 goto err;
964 }
965 if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) {
966 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
967 ERR_R_EC_LIB);
968 goto err;
969 }
970 } else {
971 /* Generate a new ECDH key pair */
972 if (!(EC_KEY_generate_key(clnt_ecdh))) {
973 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
974 ERR_R_ECDH_LIB);
975 goto err;
976 }
977 } 929 }
978 930
979 /* use the 'p' output buffer for the ECDH key, but 931 /* use the 'p' output buffer for the ECDH key, but
@@ -999,44 +951,38 @@ dtls1_send_client_key_exchange(SSL *s)
999 s, s->session->master_key, p, n); 951 s, s->session->master_key, p, n);
1000 memset(p, 0, n); /* clean up */ 952 memset(p, 0, n); /* clean up */
1001 953
1002 if (ecdh_clnt_cert) { 954 /* First check the size of encoding and
1003 /* Send empty client key exch message */ 955 * allocate memory accordingly.
1004 n = 0; 956 */
1005 } else { 957 encoded_pt_len = EC_POINT_point2oct(srvr_group,
1006 /* First check the size of encoding and 958 EC_KEY_get0_public_key(clnt_ecdh),
1007 * allocate memory accordingly. 959 POINT_CONVERSION_UNCOMPRESSED,
1008 */ 960 NULL, 0, NULL);
1009 encoded_pt_len = EC_POINT_point2oct(srvr_group,
1010 EC_KEY_get0_public_key(clnt_ecdh),
1011 POINT_CONVERSION_UNCOMPRESSED,
1012 NULL, 0, NULL);
1013
1014 encodedPoint = malloc(encoded_pt_len);
1015
1016 bn_ctx = BN_CTX_new();
1017 if ((encodedPoint == NULL) ||
1018 (bn_ctx == NULL)) {
1019 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
1020 ERR_R_MALLOC_FAILURE);
1021 goto err;
1022 }
1023 961
1024 /* Encode the public key */ 962 encodedPoint = malloc(encoded_pt_len);
1025 n = EC_POINT_point2oct(srvr_group,
1026 EC_KEY_get0_public_key(clnt_ecdh),
1027 POINT_CONVERSION_UNCOMPRESSED,
1028 encodedPoint, encoded_pt_len, bn_ctx);
1029 963
1030 *p = n; /* length of encoded point */ 964 bn_ctx = BN_CTX_new();
1031 /* Encoded point will be copied here */ 965 if ((encodedPoint == NULL) ||
1032 p += 1; 966 (bn_ctx == NULL)) {
967 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
968 ERR_R_MALLOC_FAILURE);
969 goto err;
970 }
1033 971
1034 /* copy the point */ 972 /* Encode the public key */
1035 memcpy((unsigned char *)p, encodedPoint, n); 973 n = EC_POINT_point2oct(srvr_group,
1036 /* increment n to account for length field */ 974 EC_KEY_get0_public_key(clnt_ecdh),
1037 n += 1; 975 POINT_CONVERSION_UNCOMPRESSED,
976 encodedPoint, encoded_pt_len, bn_ctx);
1038 977
1039 } 978 *p = n; /* length of encoded point */
979 /* Encoded point will be copied here */
980 p += 1;
981
982 /* copy the point */
983 memcpy((unsigned char *)p, encodedPoint, n);
984 /* increment n to account for length field */
985 n += 1;
1040 986
1041 /* Free allocated memory */ 987 /* Free allocated memory */
1042 BN_CTX_free(bn_ctx); 988 BN_CTX_free(bn_ctx);
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index eed6cb5215..6bc5a8b622 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s3_clnt.c,v 1.116 2015/07/14 03:33:16 doug Exp $ */ 1/* $OpenBSD: s3_clnt.c,v 1.117 2015/07/15 18:35:34 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -2009,37 +2009,8 @@ ssl3_send_client_key_exchange(SSL *s)
2009 } else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) { 2009 } else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {
2010 const EC_GROUP *srvr_group = NULL; 2010 const EC_GROUP *srvr_group = NULL;
2011 EC_KEY *tkey; 2011 EC_KEY *tkey;
2012 int ecdh_clnt_cert = 0;
2013 int field_size = 0; 2012 int field_size = 0;
2014 2013
2015 /*
2016 * Did we send out the client's ECDH share for use
2017 * in premaster computation as part of client
2018 * certificate? If so, set ecdh_clnt_cert to 1.
2019 */
2020 if ((alg_k & (SSL_kECDHr|SSL_kECDHe)) &&
2021 (s->cert != NULL)) {
2022 /*
2023 * XXX: For now, we do not support client
2024 * authentication using ECDH certificates.
2025 * To add such support, one needs to add
2026 * code that checks for appropriate
2027 * conditions and sets ecdh_clnt_cert to 1.
2028 * For example, the cert have an ECC
2029 * key on the same curve as the server's
2030 * and the key should be authorized for
2031 * key agreement.
2032 *
2033 * One also needs to add code in ssl3_connect
2034 * to skip sending the certificate verify
2035 * message.
2036 *
2037 * if ((s->cert->key->privatekey != NULL) &&
2038 * (s->cert->key->privatekey->type ==
2039 * EVP_PKEY_EC) && ...)
2040 * ecdh_clnt_cert = 1;
2041 */
2042 }
2043 2014
2044 /* Ensure that we have an ephemeral key for ECDHE. */ 2015 /* Ensure that we have an ephemeral key for ECDHE. */
2045 if ((alg_k & SSL_kECDHE) && 2016 if ((alg_k & SSL_kECDHE) &&
@@ -2087,36 +2058,13 @@ ssl3_send_client_key_exchange(SSL *s)
2087 ERR_R_EC_LIB); 2058 ERR_R_EC_LIB);
2088 goto err; 2059 goto err;
2089 } 2060 }
2090 if (ecdh_clnt_cert) { 2061
2091 /* 2062 /* Generate a new ECDH key pair */
2092 * Reuse key info from our certificate 2063 if (!(EC_KEY_generate_key(clnt_ecdh))) {
2093 * We only need our private key to perform 2064 SSLerr(
2094 * the ECDH computation. 2065 SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2095 */ 2066 ERR_R_ECDH_LIB);
2096 const BIGNUM *priv_key; 2067 goto err;
2097 tkey = s->cert->key->privatekey->pkey.ec;
2098 priv_key = EC_KEY_get0_private_key(tkey);
2099 if (priv_key == NULL) {
2100 SSLerr(
2101 SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2102 ERR_R_MALLOC_FAILURE);
2103 goto err;
2104 }
2105 if (!EC_KEY_set_private_key(clnt_ecdh,
2106 priv_key)) {
2107 SSLerr(
2108 SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2109 ERR_R_EC_LIB);
2110 goto err;
2111 }
2112 } else {
2113 /* Generate a new ECDH key pair */
2114 if (!(EC_KEY_generate_key(clnt_ecdh))) {
2115 SSLerr(
2116 SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2117 ERR_R_ECDH_LIB);
2118 goto err;
2119 }
2120 } 2068 }
2121 2069
2122 /* 2070 /*
@@ -2144,47 +2092,41 @@ ssl3_send_client_key_exchange(SSL *s)
2144 2092
2145 memset(p, 0, n); /* clean up */ 2093 memset(p, 0, n); /* clean up */
2146 2094
2147 if (ecdh_clnt_cert) { 2095 /*
2148 /* Send empty client key exch message. */ 2096 * First check the size of encoding and
2149 n = 0; 2097 * allocate memory accordingly.
2150 } else { 2098 */
2151 /* 2099 encoded_pt_len = EC_POINT_point2oct(
2152 * First check the size of encoding and 2100 srvr_group,
2153 * allocate memory accordingly. 2101 EC_KEY_get0_public_key(clnt_ecdh),
2154 */ 2102 POINT_CONVERSION_UNCOMPRESSED,
2155 encoded_pt_len = EC_POINT_point2oct( 2103 NULL, 0, NULL);
2156 srvr_group, 2104
2157 EC_KEY_get0_public_key(clnt_ecdh), 2105 encodedPoint = malloc(encoded_pt_len);
2158 POINT_CONVERSION_UNCOMPRESSED, 2106
2159 NULL, 0, NULL); 2107 bn_ctx = BN_CTX_new();
2160 2108 if ((encodedPoint == NULL) ||
2161 encodedPoint = malloc(encoded_pt_len); 2109 (bn_ctx == NULL)) {
2162 2110 SSLerr(
2163 bn_ctx = BN_CTX_new(); 2111 SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2164 if ((encodedPoint == NULL) || 2112 ERR_R_MALLOC_FAILURE);
2165 (bn_ctx == NULL)) { 2113 goto err;
2166 SSLerr( 2114 }
2167 SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
2168 ERR_R_MALLOC_FAILURE);
2169 goto err;
2170 }
2171
2172 /* Encode the public key */
2173 n = EC_POINT_point2oct(srvr_group,
2174 EC_KEY_get0_public_key(clnt_ecdh),
2175 POINT_CONVERSION_UNCOMPRESSED,
2176 encodedPoint, encoded_pt_len, bn_ctx);
2177 2115
2178 *p = n; /* length of encoded point */ 2116 /* Encode the public key */
2179 /* Encoded point will be copied here */ 2117 n = EC_POINT_point2oct(srvr_group,
2180 p += 1; 2118 EC_KEY_get0_public_key(clnt_ecdh),
2119 POINT_CONVERSION_UNCOMPRESSED,
2120 encodedPoint, encoded_pt_len, bn_ctx);
2181 2121
2182 /* copy the point */ 2122 *p = n; /* length of encoded point */
2183 memcpy((unsigned char *)p, encodedPoint, n); 2123 /* Encoded point will be copied here */
2184 /* increment n to account for length field */ 2124 p += 1;
2185 n += 1;
2186 2125
2187 } 2126 /* copy the point */
2127 memcpy((unsigned char *)p, encodedPoint, n);
2128 /* increment n to account for length field */
2129 n += 1;
2188 2130
2189 /* Free allocated memory */ 2131 /* Free allocated memory */
2190 BN_CTX_free(bn_ctx); 2132 BN_CTX_free(bn_ctx);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 07:09:14 +0000